ci: add manual @bitgo-beta SDK bump workflow

pranavjain97 · pranavjain97 · commit 83cee977d2c3 · 2026-05-14T16:32:16.000-04:00
diff --git a/.github/workflows/bump-sdk.yaml b/.github/workflows/bump-sdk.yaml
@@ -0,0 +1,94 @@
+name: Bump @bitgo-beta SDK Dependencies
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  bump-sdk:
+    name: Bump SDK deps and open PR
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: master
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22.1.0'
+          cache: 'npm'
+
+      - name: Install current dependencies
+        run: npm ci
+
+      - name: Bump @bitgo-beta versions
+        run: npm run bump-versions
+
+      - name: Regenerate lockfile
+        run: npm install --package-lock-only
+
+      - name: Install updated dependencies
+        run: npm ci
+
+      - name: Lint
+        run: npm run lint
+
+      - name: Build
+        run: npm run build
+
+      - name: Generate test SSL certificates
+        run: npm run generate-test-ssl
+
+      - name: Test
+        run: npm test
+        env:
+          NODE_OPTIONS: '--max-old-space-size=4096'
+          MASTER_BITGO_EXPRESS_KEYPATH: ./demo.key
+          MASTER_BITGO_EXPRESS_CRTPATH: ./demo.crt
+          MTLS_ENABLED: true
+          MTLS_REQUEST_CERT: true
+          MTLS_REJECT_UNAUTHORIZED: false
+          KEY_PROVIDER_URL: 'https://localhost:3000/'
+
+      - name: Check for changes
+        id: changes
+        run: |
+          if git diff --quiet HEAD -- package.json package-lock.json; then
+            echo "changed=false" >> $GITHUB_OUTPUT
+          else
+            echo "changed=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Commit and push branch
+        id: push-branch
+        if: steps.changes.outputs.changed == 'true'
+        run: |
+          DATE=$(date +'%Y-%m-%d')
+          BRANCH="chore/bump-bitgo-beta-$(date +'%Y%m%d-%H%M')"
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git checkout -b "$BRANCH"
+          git add package.json package-lock.json
+          git commit -m "chore: bump @bitgo-beta dependencies ${DATE}"
+          git push origin "$BRANCH"
+          echo "branch=$BRANCH" >> $GITHUB_OUTPUT
+          echo "date=$DATE" >> $GITHUB_OUTPUT
+
+      - name: Open draft PR
+        if: steps.changes.outputs.changed == 'true'
+        run: |
+          gh pr create \
+            --title "chore: bump @bitgo-beta dependencies ${{ steps.push-branch.outputs.date }}" \
+            --body "Automated weekly bump of \`@bitgo-beta/*\` dependencies.
+
+          Build and tests passed on this branch before opening." \
+            --base master \
+            --head "${{ steps.push-branch.outputs.branch }}" \
+            --draft
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/src/__tests__/api/master/accelerate.test.ts b/src/__tests__/api/master/accelerate.test.ts
@@ -34,6 +34,29 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/accelerate', () => {
     type: 'independent',
   };
 
+  const mockBitgoKeychain = {
+    id: 'bitgo-key-id',
+    pub: 'xpub661MyMwAqRbcH7HSwqXjBxRr2imXfTnCTLBiSHqFMb8FGnXtKEmYYrakVg1YBR6mY8gQwUfq9P',
+    type: 'independent',
+  };
+
+  function nockAllKeychains(accessToken: string) {
+    return [
+      nock(bitgoApiUrl)
+        .get(`/api/v2/${coin}/key/user-key-id`)
+        .matchHeader('authorization', `Bearer ${accessToken}`)
+        .reply(200, mockUserKeychain),
+      nock(bitgoApiUrl)
+        .get(`/api/v2/${coin}/key/backup-key-id`)
+        .matchHeader('authorization', `Bearer ${accessToken}`)
+        .reply(200, mockBackupKeychain),
+      nock(bitgoApiUrl)
+        .get(`/api/v2/${coin}/key/bitgo-key-id`)
+        .matchHeader('authorization', `Bearer ${accessToken}`)
+        .reply(200, mockBitgoKeychain),
+    ];
+  }
+
   before(() => {
     nock.disableNetConnect();
     nock.enableNetConnect('127.0.0.1');
@@ -73,6 +96,8 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/accelerate', () => {
       .matchHeader('authorization', `Bearer ${accessToken}`)
       .reply(200, mockUserKeychain);
 
+    const allKeychainNocks = nockAllKeychains(accessToken);
+
     const accelerateTransactionStub = sinon
       .stub(Wallet.prototype, 'accelerateTransaction')
       .resolves({
@@ -101,6 +126,7 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/accelerate', () => {
 
     walletGetNock.done();
     keychainGetNock.done();
+    allKeychainNocks.forEach((n) => n.done());
     sinon.assert.calledOnce(accelerateTransactionStub);
 
     const callArgs = accelerateTransactionStub.firstCall.args[0];
@@ -122,6 +148,8 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/accelerate', () => {
       .matchHeader('authorization', `Bearer ${accessToken}`)
       .reply(200, mockBackupKeychain);
 
+    const allKeychainNocks = nockAllKeychains(accessToken);
+
     const accelerateTransactionStub = sinon
       .stub(Wallet.prototype, 'accelerateTransaction')
       .resolves({
@@ -148,6 +176,7 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/accelerate', () => {
 
     walletGetNock.done();
     keychainGetNock.done();
+    allKeychainNocks.forEach((n) => n.done());
     sinon.assert.calledOnce(accelerateTransactionStub);
   });
 
@@ -162,6 +191,8 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/accelerate', () => {
       .matchHeader('authorization', `Bearer ${accessToken}`)
       .reply(200, mockUserKeychain);
 
+    const allKeychainNocks = nockAllKeychains(accessToken);
+
     const accelerateTransactionStub = sinon
       .stub(Wallet.prototype, 'accelerateTransaction')
       .resolves({
@@ -190,6 +221,7 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/accelerate', () => {
 
     walletGetNock.done();
     keychainGetNock.done();
+    allKeychainNocks.forEach((n) => n.done());
     sinon.assert.calledOnce(accelerateTransactionStub);
   });
 
@@ -329,6 +361,8 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/accelerate', () => {
       .matchHeader('authorization', `Bearer ${accessToken}`)
       .reply(200, mockUserKeychain);
 
+    const allKeychainNocks = nockAllKeychains(accessToken);
+
     const accelerateTransactionStub = sinon
       .stub(Wallet.prototype, 'accelerateTransaction')
       .rejects(new Error('Insufficient funds for acceleration'));
@@ -350,6 +384,7 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/accelerate', () => {
 
     walletGetNock.done();
     keychainGetNock.done();
+    allKeychainNocks.forEach((n) => n.done());
     sinon.assert.calledOnce(accelerateTransactionStub);
   });
 
diff --git a/src/__tests__/api/master/consolidateUnspents.test.ts b/src/__tests__/api/master/consolidateUnspents.test.ts
@@ -34,6 +34,29 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/consolidateunspents', () =
     type: 'independent',
   };
 
+  const mockBitgoKeychain = {
+    id: 'bitgo-key-id',
+    pub: 'xpub661MyMwAqRbcH7HSwqXjBxRr2imXfTnCTLBiSHqFMb8FGnXtKEmYYrakVg1YBR6mY8gQwUfq9P',
+    type: 'independent',
+  };
+
+  function nockAllKeychains(accessToken: string) {
+    return [
+      nock(bitgoApiUrl)
+        .get(`/api/v2/${coin}/key/user-key-id`)
+        .matchHeader('authorization', `Bearer ${accessToken}`)
+        .reply(200, mockUserKeychain),
+      nock(bitgoApiUrl)
+        .get(`/api/v2/${coin}/key/backup-key-id`)
+        .matchHeader('authorization', `Bearer ${accessToken}`)
+        .reply(200, mockBackupKeychain),
+      nock(bitgoApiUrl)
+        .get(`/api/v2/${coin}/key/bitgo-key-id`)
+        .matchHeader('authorization', `Bearer ${accessToken}`)
+        .reply(200, mockBitgoKeychain),
+    ];
+  }
+
   before(() => {
     nock.disableNetConnect();
     nock.enableNetConnect('127.0.0.1');
@@ -73,6 +96,8 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/consolidateunspents', () =
       .matchHeader('authorization', `Bearer ${accessToken}`)
       .reply(200, mockUserKeychain);
 
+    const allKeychainNocks = nockAllKeychains(accessToken);
+
     const mockResult = {
       transfer: {
         entries: [
@@ -119,6 +144,7 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/consolidateunspents', () =
 
     walletGetNock.done();
     keychainGetNock.done();
+    allKeychainNocks.forEach((n) => n.done());
     sinon.assert.calledOnce(consolidateUnspentsStub);
 
     const callArgs = consolidateUnspentsStub.firstCall.args[0];
@@ -140,6 +166,8 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/consolidateunspents', () =
       .matchHeader('authorization', `Bearer ${accessToken}`)
       .reply(200, mockBackupKeychain);
 
+    const allKeychainNocks = nockAllKeychains(accessToken);
+
     const mockResult = {
       txid: 'backup-consolidation-tx-id',
       tx: '01000000000102backup...',
@@ -169,6 +197,7 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/consolidateunspents', () =
 
     walletGetNock.done();
     keychainGetNock.done();
+    allKeychainNocks.forEach((n) => n.done());
     sinon.assert.calledOnce(consolidateUnspentsStub);
   });
 
@@ -183,6 +212,8 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/consolidateunspents', () =
       .matchHeader('authorization', `Bearer ${accessToken}`)
       .reply(200, mockUserKeychain);
 
+    const allKeychainNocks = nockAllKeychains(accessToken);
+
     const mockArrayResult = [
       {
         transfer: {
@@ -232,6 +263,7 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/consolidateunspents', () =
 
     walletGetNock.done();
     keychainGetNock.done();
+    allKeychainNocks.forEach((n) => n.done());
     sinon.assert.calledOnce(consolidateUnspentsStub);
   });
 
@@ -246,6 +278,8 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/consolidateunspents', () =
       .matchHeader('authorization', `Bearer ${accessToken}`)
       .reply(200, mockUserKeychain);
 
+    const allKeychainNocks = nockAllKeychains(accessToken);
+
     const mockArrayResult = [
       {
         txid: 'first-tx-id',
@@ -284,6 +318,7 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/consolidateunspents', () =
 
     walletGetNock.done();
     keychainGetNock.done();
+    allKeychainNocks.forEach((n) => n.done());
     sinon.assert.calledOnce(consolidateUnspentsStub);
   });
 
@@ -298,6 +333,8 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/consolidateunspents', () =
       .matchHeader('authorization', `Bearer ${accessToken}`)
       .reply(200, mockUserKeychain);
 
+    const allKeychainNocks = nockAllKeychains(accessToken);
+
     const mockResult = {
       txid: 'full-params-consolidation-tx-id',
       tx: '01000000000102full...',
@@ -338,6 +375,7 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/consolidateunspents', () =
 
     walletGetNock.done();
     keychainGetNock.done();
+    allKeychainNocks.forEach((n) => n.done());
     sinon.assert.calledOnce(consolidateUnspentsStub);
   });
 
@@ -477,6 +515,8 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/consolidateunspents', () =
       .matchHeader('authorization', `Bearer ${accessToken}`)
       .reply(200, mockUserKeychain);
 
+    const allKeychainNocks = nockAllKeychains(accessToken);
+
     const consolidateUnspentsStub = sinon
       .stub(Wallet.prototype, 'consolidateUnspents')
       .rejects(new Error('No unspents available for consolidation'));
@@ -497,6 +537,7 @@ describe('POST /api/v1/:coin/advancedwallet/:walletId/consolidateunspents', () =
 
     walletGetNock.done();
     keychainGetNock.done();
+    allKeychainNocks.forEach((n) => n.done());
     sinon.assert.calledOnce(consolidateUnspentsStub);
   });
 
diff --git a/src/masterBitgoExpress/handlers/handleAccelerate.ts b/src/masterBitgoExpress/handlers/handleAccelerate.ts
@@ -1,7 +1,11 @@
 import { RequestTracer, KeyIndices } from '@bitgo-beta/sdk-core';
 import logger from '../../shared/logger';
 import { MasterApiSpecRouteRequest } from '../routers/masterBitGoExpressApiSpec';
-import { getWalletAndSigningKeychain, makeCustomSigningFunction } from './utils/utils';
+import {
+  getWalletAndSigningKeychain,
+  getWalletPubs,
+  makeCustomSigningFunction,
+} from './utils/utils';
 
 export async function handleAccelerate(
   req: MasterApiSpecRouteRequest<'v1.wallet.accelerate', 'post'>,
@@ -13,7 +17,7 @@ export async function handleAccelerate(
   const walletId = req.params.walletId;
   const coin = req.params.coin;
 
-  const { wallet, signingKeychain } = await getWalletAndSigningKeychain({
+  const { baseCoin, wallet, signingKeychain } = await getWalletAndSigningKeychain({
     bitgo,
     coin,
     walletId,
@@ -22,12 +26,15 @@ export async function handleAccelerate(
     KeyIndices,
   });
 
+  const walletPubs = await getWalletPubs({ baseCoin, wallet, KeyIndices });
+
   try {
     // Create custom signing function that delegates to EBE
     const customSigningFunction = makeCustomSigningFunction({
       awmClient,
       source: params.source,
       pub: signingKeychain.pub!,
+      walletPubs,
     });
 
     // Prepare acceleration parameters
diff --git a/src/masterBitgoExpress/handlers/handleConsolidateUnspents.ts b/src/masterBitgoExpress/handlers/handleConsolidateUnspents.ts
diff --git a/src/masterBitgoExpress/handlers/utils/utils.ts b/src/masterBitgoExpress/handlers/utils/utils.ts
